Study: biometrics important to mobile payments’ growth
A new study from Juniper Research has found that the increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly 5 billion by 2019, up from less than 130 million this year, according to a press release about the report.
The research observed that at present, only two services – Apple Pay and Samsung Pay – used fingerprint scanners for authentication, with availability currently limited to the U.S. and U.K. for the former, and the U.S. and South Korea for the latter. However, it argued that with both services expected to be launched in multiple additional markets during 2016, the convenience of the scanner is likely to make it a primary mechanism for transaction authentication.
The new research report – Mobile Identity, Authentication & Tokenisation 2015-2020 – argued that incorporation into additional mobile wallets would be spurred by a greater availability of fingerprint scanners in mid-range smartphones. This, together with a growing take-up of contactless infrastructure at the physical point of sale, is likely to drive further adoption in the medium term.
The research, however, cautioned that the security of biometric data was paramount, citing the case of the HTC One Max, where fingerprint data was mistakenly stored on the device in plain text and in a world-readable location, according to the press release.
While that mistake was rectified, research author Dr. Windsor Holden warned that the implications to ensure secure storage could be devastating.
“When a password or PIN is hacked, the consumer can simply get a replacement,” he said. “When biometric data – fingerprint, iris, facial – is stolen, the consumer’s online identity could be irretrievably compromised.”
Additionally, the research pointed out that the greater prevalence of cybercrime – more than 1 billion online records were exposed by data breaches in 2014 – meant that tokenization was becoming an increasingly attractive proposition for acquirers and processors. It argued that the tokenization process – wherein data with no intrinsic value replaces high value cardholder data – would significantly reduce exposure to fraud. Furthermore, with hackers merely obtaining tokens which are meaningless in isolation, the scale of attacks on sites might also decline.